Aggregator
Valencia
1 year 9 months ago
cohenido
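Latest attack samples and threat intelligence on the OceanLotus APT group
1 year 9 months ago
Latest attack samples and threat intelligence on the OceanLotus APT group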
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
1 year 9 months ago
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming it is being actively exploited by attackers. Though the KEV entry does not say that it’s being leveraged in ransomware campaigns, both Arctic Wolf and Rapid7 say that there is indirect evidence pointing to that. What we know so far On the same day …
The post CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) appeared first on Help Net Security.
Zeljka Zorz
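Release | Cybersecurity Association of China publishes list of apps that have completed compliance rectification of personal information collection and use
1 year 9 months ago
To regulate how apps collect and use personal information, protect personal information rights and interests, and foster an environment in which all of society jointly safeguards personal information security, the Cybersecurity Association of China organized and guided the operators of 62 apps in 10 categories to complete compliance rectification and optimization, focusing on personal information collection and use problems such as collecting personal information beyond scope.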
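Authoritative interpretation | Measures for the Administration of E-Government Electronic Authentication Services
1 year 9 months ago
The State Cryptography Administration has formulated the Measures for the Administration of E-Government Electronic Authentication Services (State Cryptography Administration Order No. 4). The relevant content of the Measures is interpreted as follows.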
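Release | Full text of the Implementation Guidelines for the Standard Contract for Cross-Border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Macao)
1 year 9 months ago
Recently, the Cyberspace Administration of China, together with the Economic and Technological Development Bureau of the Macao Special Administrative Region Government and the Personal Data Protection Bureau of the Macao Special Administrative Region Government, jointly formulated and released the Implementation Guidelines for the Standard Contract for Cross-Border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Macao).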
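2024 Cybersecurity Week | Results of the 2024 test of artificial intelligence technology empowering cybersecurity applications announced
1 year 9 months ago
On the morning of September 9, the results of the 2024 test of artificial intelligence technology empowering cybersecurity applications were released at the main forum of the Cybersecurity Technology Summit Forum of the National Cybersecurity Publicity Week, held in Guangzhou.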
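Release | State Cryptography Administration releases full text of the Measures for the Administration of E-Government Electronic Authentication Services
1 year 9 months ago
The Measures take effect on November 1, 2024.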
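2024 Cybersecurity Week | The 2024 National Cybersecurity Publicity Week "Cybersecurity Technology Summit Forum Main Forum and Guangdong-Hong Kong-Macao Greater Bay Area Cybersecurity Conference" held in Guangzhou
1 year 9 months ago
On September 9, the 2024 National Cybersecurity Publicity Week "Cybersecurity Technology Summit Forum Main Forum and Guangdong-Hong Kong-Macao Greater Bay Area Cybersecurity Conference" was held at the Nansha International Financial Forum Convention Center in Guangzhou.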
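2024 Cybersecurity Week | "White Paper on the Practical Capabilities of Cybersecurity Talent: Security Testing and Evaluation" officially released
1 year 9 months ago
On September 10, the first white paper in China to focus on "security testing and evaluation", the "White Paper on the Practical Capabilities of Cybersecurity Talent: Security Testing and Evaluation", was officially released at the National Cybersecurity Publicity Week.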
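2024 Cybersecurity Week | Data-usage warning, lots of pictures ahead! The 2024 Cybersecurity Expo in one article
1 year 9 months ago
As one of the headline events of Cybersecurity Week each year, the 2024 National Cybersecurity Publicity Week Cybersecurity Expo and Cybersecurity Products and Services Supply and Demand Matchmaking Conference opened on September 7 in Guangzhou, Guangdong Province.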
CVE-2024-40754 | Samsung Escargot 4.0.0 heap-based overflow
1 year 9 months ago
A vulnerability was found in Samsung Escargot 4.0.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to a heap-based buffer overflow.
This vulnerability is handled as CVE-2024-40754. The attack may be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-43781 | Siemens SINUMERIK 828D/SINUMERIK ONE Create MyConfig log file (ssa-097786)
1 year 9 months ago
A vulnerability has been found in Siemens SINUMERIK 828D and SINUMERIK ONE and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Create MyConfig. The manipulation leads to sensitive information in log files.
This vulnerability is known as CVE-2024-43781. The attack has to be carried out locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-41171 | Siemens SINUMERIK 828D/SINUMERIK ONE permission assignment (ssa-342438)
1 year 9 months ago
A vulnerability, which was classified as critical, was found in Siemens SINUMERIK 828D and SINUMERIK ONE. Affected is an unknown function. The manipulation leads to incorrect permission assignment.
This vulnerability is tracked as CVE-2024-41171. The attack needs to be carried out locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-6282 | litonice13 Master Addons Plugin up to 2.0.6.4 on WordPress cross site scripting
1 year 9 months ago
A vulnerability, which was classified as problematic, has been found in litonice13 Master Addons Plugin up to 2.0.6.4 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-6282. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-45845 | nix up to 2.24.5 path traversal
1 year 9 months ago
A vulnerability classified as critical was found in nix up to 2.24.5. This vulnerability affects unknown code. The manipulation leads to path traversal.
This vulnerability was named CVE-2024-45845. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
CVE-2024-41170 | Siemens Tecnomatix Plant Simulation prior 2302.0015/2404.0004 SPP File stack-based overflow (ssa-427715)
1 year 9 months ago
A vulnerability classified as critical has been found in Siemens Tecnomatix Plant Simulation. This affects an unknown part of the component SPP File Handler. The manipulation leads to a stack-based buffer overflow.
This vulnerability is uniquely identified as CVE-2024-41170. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-37994 | Siemens SIMATIC Reader RF610R CMIIT up to 4.1 Configuration backdoor (ssa-765405)
1 year 9 months ago
A vulnerability was found in Siemens SIMATIC Reader RF610R CMIIT, SIMATIC Reader RF610R ETSI, SIMATIC Reader RF610R FCC, SIMATIC Reader RF615R CMIIT, SIMATIC Reader RF615R ETSI, SIMATIC Reader RF615R FCC, SIMATIC Reader RF650R ARIB, SIMATIC Reader RF650R CMIIT, SIMATIC Reader RF650R ETSI, SIMATIC Reader RF650R FCC, SIMATIC Reader RF680R ARIB, SIMATIC Reader RF680R CMIIT, SIMATIC Reader RF680R ETSI, SIMATIC Reader RF680R FCC, SIMATIC Reader RF685R ARIB, SIMATIC Reader RF685R CMIIT, SIMATIC Reader RF685R ETSI, SIMATIC Reader RF685R FCC, SIMATIC RF1140R, SIMATIC RF1170R, SIMATIC RF166C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF186CI, SIMATIC RF188C, SIMATIC RF188CI and SIMATIC RF360R up to 4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Configuration Handler. The manipulation leads to a backdoor.
This vulnerability is handled as CVE-2024-37994. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com